Cisco Support Community
New Member

IPSec VPN (Remote Access VPN) - Dynamic NAT

Hello Dear Group

I have an ASA 5510 configured for Remote Access VPN. The ASA authenticates remote clients with a RADIUS server (accounting software) and assigns an IP address from the VPN pool (172.16.20.0/24). The whole authentication process with the RADIUS server is successful, but there is no Internet browsing on the client side. I have configured a Dynamic NAT rule on the outside ASA interface as written below:

Interface : Outside

Source : VPN-Users Object (Address Pool 172.16.20.0/24)

Translate to: Outbound interface.

The NAT rule above doesn't work. (I think traffic is not returning to the VPN pool address via the outside interface.)

Note: these VPN users have to access the Internet only. (Because of that, the pool address range is different from the inside network interface.)

It would be a favor if you could help me with how to NAT.

Thank You

Best Regards

1 ACCEPTED SOLUTION

Super Bronze

IPSec VPN (Remote Access VPN) - Dynamic NAT

Hi,

Would really need to see your current NAT configurations in CLI format to determine the problem.

Naturally the problem might be as simple as missing the following command on the ASA

same-security-traffic permit intra-interface

This command is required on the ASA for traffic to come through an interface and leave through the same interface. In your case this interface would be the "Outside", as the VPN Client traffic is coming to the ASA through that interface and is trying to leave through that interface towards the Internet.

- Jouni
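
An added example, not part of the original thread or of Jouni's reply: a small Python check that reads an ASA running-config and reports what is missing for VPN-pool traffic to enter and leave on the same interface. It assumes ASA 8.3+ object NAT syntax and an interface named "outside"; SAMPLE_CONFIG and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample running-config (assumption: ASA 8.3+ object NAT syntax).
SAMPLE_CONFIG = """\
object network VPN-Users
 subnet 172.16.20.0 255.255.255.0
 nat (outside,outside) dynamic interface
same-security-traffic permit intra-interface
"""

def parse_object_networks(config):
    """Return {name: {"subnet": IPv4Network or None, "nat": [(src_if, dst_if)]}}."""
    objects, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            # The same object can appear twice (definition, then NAT); merge them.
            current = objects.setdefault(m.group(1), {"subnet": None, "nat": []})
            continue
        if not line.startswith(" "):
            current = None  # left the object sub-mode
            continue
        if current is None:
            continue
        m = re.match(r"\s+subnet (\S+) (\S+)", line)
        if m:
            current["subnet"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        m = re.match(r"\s+nat \((\S+),(\S+)\) dynamic interface", line)
        if m:
            current["nat"].append((m.group(1), m.group(2)))
    return objects

def hairpin_findings(config, pool, interface="outside"):
    """List what is missing for `pool` traffic to hairpin out of `interface`."""
    findings = []
    pool_net = ipaddress.ip_network(pool)
    lines = [l.strip() for l in config.splitlines()]
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("missing: same-security-traffic permit intra-interface")
    covered = any(
        o["subnet"] is not None and pool_net.subnet_of(o["subnet"])
        and (interface, interface) in o["nat"]
        for o in parse_object_networks(config).values()
    )
    if not covered:
        findings.append(f"missing: dynamic NAT ({interface},{interface}) covering {pool}")
    return findings
```

An empty list from hairpin_findings means both prerequisites are present; it does not check ACLs, split-tunnel policy or routing.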

2 REPLIES
New Member

Re: IPSec VPN (Remote Access VPN) - Dynamic NAT

Thank You
